import { NextRequest, NextResponse } from "next/server";
import { prisma } from "@/lib/prisma";
import bcrypt from "bcryptjs";

export async function GET(req: NextRequest) {
  const userId = req.nextUrl.searchParams.get("id");
  if (!userId) {
    return NextResponse.json(null);
  }

  const user = await prisma.user.findUnique({ where: { id: userId } });
  if (!user) {
    return NextResponse.json(null);
  }

  return NextResponse.json({
    id: user.id,
    username: user.username,
    avatar: user.avatar,
    email: user.email,
    preferences: JSON.parse(user.preferences),
    createdAt: user.createdAt.toISOString(),
  });
}

export async function PUT(req: NextRequest) {
  const body = await req.json();
  const { userId } = body;

  if (!userId) {
    return NextResponse.json({ error: "缺少用户 ID" }, { status: 400 });
  }

  const existing = await prisma.user.findUnique({ where: { id: userId } });
  if (!existing) {
    return NextResponse.json({ error: "用户不存在" }, { status: 404 });
  }

  const updateData: Record<string, unknown> = {};

  if (body.username !== undefined) {
    const trimmed = body.username.trim();
    if (trimmed.length < 2 || trimmed.length > 16) {
      return NextResponse.json({ error: "用户名需要 2-16 个字符" }, { status: 400 });
    }
    if (trimmed !== existing.username) {
      const taken = await prisma.user.findUnique({ where: { username: trimmed } });
      if (taken) {
        return NextResponse.json({ error: "用户名已被占用" }, { status: 409 });
      }
    }
    updateData.username = trimmed;
  }

  if (body.newPassword !== undefined) {
    if (!body.currentPassword) {
      return NextResponse.json({ error: "请输入当前密码" }, { status: 400 });
    }
    const valid = await bcrypt.compare(body.currentPassword, existing.passwordHash);
    if (!valid) {
      return NextResponse.json({ error: "当前密码错误" }, { status: 403 });
    }
    if (body.newPassword.length < 6) {
      return NextResponse.json({ error: "新密码至少 6 个字符" }, { status: 400 });
    }
    updateData.passwordHash = await bcrypt.hash(body.newPassword, 10);
  }

  if (body.avatar !== undefined) {
    updateData.avatar = body.avatar;
  }

  if (body.email !== undefined) {
    if (body.email && !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(body.email)) {
      return NextResponse.json({ error: "邮箱格式不正确" }, { status: 400 });
    }
    updateData.email = body.email || null;
  }

  if (body.preferences !== undefined) {
    updateData.preferences = JSON.stringify(body.preferences);
  }

  const user = await prisma.user.update({
    where: { id: userId },
    data: updateData,
  });

  return NextResponse.json({
    id: user.id,
    username: user.username,
    avatar: user.avatar,
    email: user.email,
    preferences: JSON.parse(user.preferences),
  });
}